J'ai un PC avec Ubuntu 16.04 installé. Récemment, je souhaite installer certains packages, mais j'ai du mal à les installer. Après quelques recherches, j'ai constaté que l'échec semble être lié au système de compte d'utilisateur Linux. Le problème est qu'aucun fichier dont le nom est préfixé par passwd.ne peut pas être créé dans le /etcchemin.
# ls /etc/passwd.*
ls: cannot access '/etc/passwd.*': No such file or directory
# touch /etc/passwd.test-test-test
touch: cannot touch '/etc/passwd.test-test-test': Permission denied
# ls /etc/passwe.*
ls: cannot access '/etc/passwe.*': No such file or directory
# touch /etc/passwe.test-test-test
#
Je peux créer ce fichier dans d'autres chemins, tels que /ou /usr, mais pas dans /etc, et je peux créer un fichier avec d'autres noms de fichiers dans /etc, mais pas avec des noms de fichiers préfixés par passwd.. Je ne peux pas reproduire ce problème avec d'autres PC.
J'ai essayé d'autres commandes:
nano /etc/shadow.xxxecho xxx > /etc/shadow.xxxtouch /etc/test-temp-file && mv /etc/test-temp-file /etc/shadow.xxxsystemctl stop apparmor- Redémarrez le système
Rien ne fonctionne.
Qu'est-ce qui pourrait causer ce problème?
Voici quelques sorties de commande de débogage:
# ls -ld /etc
drwxr-xr-x 136 root root 12288 Aug 12 10:07 /etc
# lsattr -d /etc
----------I--e-- /etc
# ls -dZ /etc
? /etc
# type -a touch
touch is /usr/bin/touch
touch is /bin/touch
# file "$(command -v touch)"
/usr/bin/touch: symbolic link to /bin/touch
Voici la stracesortie:
# strace touch /etc/passwd.test-test-test
execve("/usr/bin/touch", ["touch", "/etc/passwd.test-test-test"], [/* 22 vars */]) = 0
brk(NULL) = 0x8da000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=80559, ...}) = 0
mmap(NULL, 80559, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9bc360e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\t\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1868984, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9bc360d000
mmap(NULL, 3971488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9bc3033000
mprotect(0x7f9bc31f3000, 2097152, PROT_NONE) = 0
mmap(0x7f9bc33f3000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c0000) = 0x7f9bc33f3000
mmap(0x7f9bc33f9000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9bc33f9000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9bc360c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9bc360b000
arch_prctl(ARCH_SET_FS, 0x7f9bc360c700) = 0
mprotect(0x7f9bc33f3000, 16384, PROT_READ) = 0
mprotect(0x60e000, 4096, PROT_READ) = 0
mprotect(0x7f9bc3622000, 4096, PROT_READ) = 0
munmap(0x7f9bc360e000, 80559) = 0
brk(NULL) = 0x8da000
brk(0x8fb000) = 0x8fb000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1668976, ...}) = 0
mmap(NULL, 1668976, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9bc3473000
close(3) = 0
open("/etc/passwd.test-test-test", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = -1 EACCES (Permission denied)
utimensat(AT_FDCWD, "/etc/passwd.test-test-test", NULL, 0) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2995, ...}) = 0
read(3, "# Locale name alias data base.\n#"..., 4096) = 2995
read(3, "", 4096) = 0
close(3) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "touch: ", 7touch: ) = 7
write(2, "cannot touch '/etc/passwd.test-t"..., 41cannot touch '/etc/passwd.test-test-test') = 41
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale-langpack/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Permission denied", 19: Permission denied) = 19
write(2, "\n", 1
) = 1
close(1) = 0
close(2) = 0
exit_group(1) = ?
+++ exited with 1 +++
ubuntu
permissions
EFanZh
la source
la source
ls -ld /etcdit-on? Et alorslsattr -d /etc? Si vous utilisez SELinux, quels -dZ /etcdit-on? Si vous utilisez AppArmor, que dit la commande équivalente (je ne sais pas de quoi il s'agit)? En quoi est-ce/etc/différent des/etcautres PC? Exécutez-y les mêmes commandes et recherchez les différences.touchune fonction ou un script ou quelque chose? Que fairetype -a touchetfile "$(command -v touch)"signaler? Je ne peux pas reproduire sur ma boîte 16.04.root, non?Réponses:
J'ai découvert pourquoi. C'est parce que ISecTP (Endpoint Security for Linux Threat Prevention) a été installé sur mon PC. Il comprend la " Protection d'accès ", qui utilise soit l'interface fanotify du noyau, soit l'injection d'un module personnalisé dans le noyau ( configurable lequel d'entre eux il fait ), pour provoquer le refus d'accès aux chemins arbitraires. Je n'étais pas au courant car je ne suis pas le seul à utiliser le PC. Après l'avoir désinstallé, tout va bien maintenant.
Merci à tous pour votre aide!
la source